How to set up GraphCrawler for automated GraphQL security testing?

Install Python3 and Docker, clone the repository, and install dependencies with pip. Use 'python graphCrawler.py -u -o -a ' for scans, or run in Docker with mounted volumes for file handling, as detailed in the README.

GraphCrawler vs InQL or GraphQLmap: which is better?

GraphCrawler integrates multiple tools like Graphinder and Clairvoyance for endpoint discovery and introspection bypass, offering a more comprehensive toolkit. However, tools like InQL are simpler for basic introspection, while GraphCrawler excels in automation but has a steeper setup.

What types of GraphQL vulnerabilities does GraphCrawler detect?

It finds exposed mutations, sensitive queries like user and file access, tests authentication gaps, and uses graphql-path-enum for data leak paths. It scores each finding from 1 to 10 based on criticality.

Can GraphCrawler work with non-Apollo GraphQL servers?

For introspection bypass, it relies on Clairvoyance, which is designed for Apollo Servers. If introspection is disabled on non-Apollo servers, GraphCrawler may not automatically reconstruct the schema, limiting analysis.

How does GraphCrawler handle authentication testing?

It tests discovered queries to see if authentication is required, and you can pass custom headers with the '-a' option to simulate authenticated requests, as shown in the usage examples.

Is GraphCrawler suitable for continuous integration pipelines?

While Docker support aids deployment, the tool is geared towards one-off security assessments rather than real-time monitoring, and missing features like automated reports may require manual integration for CI/CD.

Open-Awesome

GraphCrawler - The all-in-one GraphQL Security toolkit

MITPythonv1.2

An automated security testing toolkit for GraphQL endpoints that discovers, analyzes, and scores vulnerabilities.

GitHub

335 stars22 forks0 contributors

What is GraphCrawler - The all-in-one GraphQL Security toolkit?

GraphCrawler is an automated security testing toolkit for GraphQL endpoints. It discovers GraphQL APIs, analyzes their schemas for vulnerabilities like exposed mutations or sensitive queries, and tests authentication requirements. The tool scores findings by criticality and can bypass disabled introspection to reconstruct schemas.

Target Audience

Security researchers, penetration testers, and developers responsible for securing GraphQL APIs who need to automate vulnerability assessment.

Value Proposition

Developers choose GraphCrawler because it integrates multiple specialized tools into a single, automated workflow, providing comprehensive security analysis and criticality scoring for GraphQL endpoints, significantly reducing manual testing time.

Overview

GraphQL automated security testing toolkit

Use Cases

Best For

Automated security assessments of GraphQL APIs in penetration testing engagements
Discovering hidden or exposed GraphQL endpoints across a domain
Identifying sensitive data exposures like user queries or file access in GraphQL schemas
Testing authentication requirements for GraphQL queries and mutations
Bypassing disabled introspection to analyze Apollo Server endpoints
Prioritizing GraphQL vulnerabilities with a standardized criticality score

Not Ideal For

Projects requiring passive, non-intrusive security analysis without active endpoint probing
Teams using non-GraphQL APIs or needing cross-API type vulnerability scanning
Organizations with compliance requirements that forbid automated scanning without explicit permissions
Environments where quick, minimal-configuration security tools are preferred over integrated toolkits

Pros & Cons

Pros

Automated Endpoint Discovery

Integrates Graphinder to automatically search for GraphQL endpoints via subdomain enumeration and directory scanning, saving manual reconnaissance time.

Comprehensive Schema Analysis

Checks for enabled mutations, identifies sensitive queries like users and files, tests authentication requirements, and scores findings from 1 to 10 for prioritization.

Robust Introspection Bypass

Uses Clairvoyance to brute-force and reconstruct schemas when introspection is disabled on Apollo Servers, extending analysis capabilities.

Docker Containerization

Supports Docker deployment with volume mounting for easy file handling, simplifying setup and ensuring consistent environments.

Cons

Limited Non-Apollo Support

Introspection bypass via Clairvoyance only works on Apollo Servers, leaving other GraphQL server types uncovered when introspection is disabled.

Complex Setup and Dependencies

Requires manual installation of Python dependencies and Docker, which can be cumbersome for quick or ad-hoc security assessments.

Incomplete Automation

As per the TODO list, features like automated full reports and query crafting are missing, requiring manual steps for comprehensive analysis.

Frequently Asked Questions

Related Projects

InQL Scanner

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

Stars1,779

Forks184

Last commit1 month ago

GraphQL Cop

Security Auditor Utility for GraphQL APIs

Stars650

Forks93

Last commit6 months ago

Escape Graphinder - GraphQL Subdomain Enumeration

🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️

Stars227

Forks14

Last commit3 years ago

GraphQLer

🔍A cutting edge context aware GraphQL API fuzzing tool!

Stars163

Forks16

Last commit2 days ago

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub